March 29, 2024

Azure AD B2C

Tenant – represents your organisation and is a directory of users

An Azure Active Directory Business-to-Customer (Azure AD B2C) tenant contains the following resources:

Directory – This is where your users’ credentials, profile data, and application registrations are stored

Application registrations – You can register your web, mobile, and native applications with Azure AD B2C to enable identity management. You can also register any APIs that you want to protect.

User flows – can be used to enable common identity tasks like sign-up, sign-in, and profile editing

Custom Policies – can be used to build complex identity workflows unique to your organisation and users

Sign-in options – Username, email, and phone sign-in, plus social identity providers that federate using standard identity protocols like OAuth 2.0, OpenID Connect, and more

Keys – Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords

Add your own business logic

Using Custom Policies, you can integrate with a RESTful API in a user journey to add your own business logic to the journey. E.g. Azure AD B2C can exchange data with a RESTful service to:

  • Display custom user-friendly error messages
  • Validate user input to prevent malformed data from persisting in your user directory
  • Enrich user data by integrating with your corporate line-of-business application
  • Send push notifications, update corporate databases, run a user migration process, manage permissions, audit databases, and more via RESTful calls

You can add REST API calls at any step in the user journey defined by a custom policy. E.g. you can call a REST API:

  • During sign-in, just before Azure AD B2C validates the credentials
  • Immediately after sign-in
  • Before Azure AD B2C creates a new account in the directory
  • After Azure AD B2C creates a new account in the directory
  • Before Azure AD B2C issues an access token
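As an added illustration of the REST API contract behind the two lists above (this is example code written for these notes, not from Microsoft or the original page): a minimal validation-and-enrichment handler shaped the way a RESTful technical profile expects. The credential, the email and given-name rules and the line-of-business lookup are constructed for the example; the error body with `version` "1.0.0", `status` and `userMessage` is the format Azure AD B2C renders to the user when the API returns a 4xx status.

```python
import base64
import hmac
import json
import re

# Constructed values for this example (not real tenant secrets): the Basic-auth
# credential the custom policy presents, and a toy line-of-business directory.
EXPECTED_CREDENTIAL = "b2c-policy:example-secret"
LOB_DIRECTORY = {"alice@example.com": "LOY-1001"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def basic_auth_header(credential):
    # Header value a RESTful technical profile sends when configured for Basic
    # authentication with a username/password policy key.
    return "Basic " + base64.b64encode(credential.encode()).decode()

def b2c_error(status, user_message, developer_message=""):
    # Error body shape B2C expects from a REST API: "version" must be "1.0.0",
    # and userMessage is the text shown to the end user on the page.
    return status, {"version": "1.0.0", "status": status,
                    "userMessage": user_message, "developerMessage": developer_message}

def handle_b2c_request(headers, body):
    # 1. Authenticate the caller with a constant-time comparison of the credential.
    auth = headers.get("Authorization", "")
    try:
        presented = base64.b64decode(auth[6:]).decode()
    except Exception:
        presented = ""
    if not auth.startswith("Basic ") or not hmac.compare_digest(
            presented.encode(), EXPECTED_CREDENTIAL.encode()):
        return b2c_error(401, "Unauthorized", "Invalid or missing Basic credential")
    # 2. Parse the claims; each InputClaim arrives as a top-level JSON property.
    try:
        claims = dict(json.loads(body))
    except (ValueError, TypeError):
        return b2c_error(400, "The request could not be processed.", "Body is not a JSON object")
    email = str(claims.get("email", "")).strip().lower()
    given_name = str(claims.get("givenName", "")).strip()
    # 3. Validate before persisting: a 409 makes B2C stop the step and show userMessage.
    if not EMAIL_RE.match(email):
        return b2c_error(409, "Please enter a valid email address.")
    if not 1 <= len(given_name) <= 64:
        return b2c_error(409, "Please enter a given name of 1 to 64 characters.")
    # 4. Enrich: return the line-of-business record as OutputClaims for the token.
    loyalty = LOB_DIRECTORY.get(email)
    if loyalty is None:
        return b2c_error(409, "We could not find a customer record for that email.")
    return 200, {"loyaltyNumber": loyalty}
```

Wire the 200 path into a validation technical profile's OutputClaims and the 409 path surfaces the message on the sign-up page without touching the directory.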